Cisco Cisco Email Security Appliance C160 Betriebsanweisung
C-9
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Appendix C Example of Mail Policies and Content Filters
Overview of Incoming Mail Policies
Procedure
Step 1
Click the link for the Outbreak Filters feature security service (the Outbreak Filters column) in the
engineering policy row.
engineering policy row.
Because the policy was just added, the link is named:
(use default)
.
Figure C-10
Editing the Outbreak Filters Feature Settings for the Engineering Team Policy
Step 2
On the Outbreak Filters feature security service page, change the scanning setting for the policy to
“Enable Outbreak Filtering (Customize settings).”
“Enable Outbreak Filtering (Customize settings).”
Choosing “(Customize settings)” here allows you to override the settings defined in the default
policy.
policy.
Doing so will also enable the contents of the rest of the page to allow you to select different settings.
Step 3
In the “Bypass Attachment Scanning” section of the page, type
dwg
in the in the file extension field.
The file extension “
dwg
” is not in the list of known file type that the appliance can recognize by its
fingerprint when attachment scanning.
Note
You do not need to type the period (
.
) before the three letter filename extension.
Step 4
Click Add Extension to add
.dwg
files to the list of file extensions that will bypass Outbreak Filters
feature scanning.
Step 5
Click Enable Message Modification.
Enabling message modification allows the appliance to scan for targeted threats, such as phishing
and scams, and URLs to suspicious or malicious websites. The appliance can rewrite links in
messages to redirect the user through the Cisco Security proxy if they attempt to access the website.
and scams, and URLs to suspicious or malicious websites. The appliance can rewrite links in
messages to redirect the user through the Cisco Security proxy if they attempt to access the website.
Note
Anti-spamming scanning must be enabled on the mail policy in order for Outbreak Filters to scan
for targeted, non-viral threats.
for targeted, non-viral threats.
Step 6
Select for Enable for Unsigned Messages.
This allows the appliance to rewrite URLs in signed messages. You must enable URL rewriting to
be able to configure other Message Modification settings and the length of time that messages found
to be non-viral threats stay in the quarantine before being released. This example uses the default
retention time of 4 hours.
be able to configure other Message Modification settings and the length of time that messages found
to be non-viral threats stay in the quarantine before being released. This example uses the default
retention time of 4 hours.
Step 7
Enter example.com in the Bypass Domain Scanning field.
The appliance will not modify links to example.com.
Step 8
Select System Generated for the Threat Disclaimer.
The appliance can insert a disclaimer above the message body to warn the user about the message’s
contents. This example uses the system generated threat disclaimer.
contents. This example uses the system generated threat disclaimer.